SUSE-SU-2023:3474-1: important: Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server

SUSE-MANAGER-UPDATES null at suse.de
Tue Feb 27 12:30:25 UTC 2024



# Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch
Server

Announcement ID: SUSE-SU-2023:3474-1  
Rating: important  
References:

  * bsc#1175823
  * bsc#1208528
  * bsc#1208577
  * bsc#1209156
  * bsc#1210103
  * bsc#1210994
  * bsc#1211100
  * bsc#1211469
  * bsc#1211650
  * bsc#1211884
  * bsc#1212032
  * bsc#1212106
  * bsc#1212416
  * bsc#1212507
  * bsc#1212589
  * bsc#1212700
  * bsc#1212943
  * bsc#1213880
  * bsc#1214187
  * bsc#1214333
  * jsc#MSQA-698

  
Cross-References:

  * CVE-2023-29409

  
CVSS scores:

  * CVE-2023-29409 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-29409 ( NVD ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

  
Affected Products:

  * SUSE Manager Proxy 4.2
  * SUSE Manager Proxy 4.2 Module 4.2
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Server 4.2
  * SUSE Manager Server 4.2 Module 4.2

  
  
An update that solves one vulnerability, contains one feature and has 19
security fixes can now be installed.

## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2

### Description:

This update fixes the following issues:

spacecmd:

  * Version 4.2.24-1
  * Update translations

spacewalk-backend:

  * Version 4.2.29-1
  * Use a constant to get the product name in python code rather than reading
    rhn.conf (bsc#1212943)
  * Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)

spacewalk-web:

  * Version 4.2.36-1
  * Update translations
  * Fix VHM CPU and RAM display when 0 (bsc#1175823)
  * Fix parsing error when showing notification message details (bsc#1211469)

How to apply this update:

  1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
  2. Stop the proxy service: `spacewalk-proxy stop`
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the Spacewalk service: `spacewalk-proxy start`

## Recommended update for SUSE Manager Server 4.2

### Description:

This update fixes the following issues:

hub-xmlrpc-api:

  * Security fix:
  * CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to
    8192 bits to avoid DoSing client/server while validating signatures for
    extremely large RSA keys. (bsc#1213880)
    * There are no direct source changes. The CVE on hub-xmlrpc-api is fixed rebuilding the sources with the patched Go version.

spacecmd:

  * Version 4.2.24-1
  * Update translations

spacewalk-backend:

  * Version 4.2.29-1
  * Use a constant to get the product name in python code rather than reading
    rhn.conf (bsc#1212943)
  * Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)

spacewalk-java:

  * Version 4.2.55-1
  * Set swap memory value if available
  * Set primary FQDN to hostname if none is set (bsc#1209156, bsc#1214333)
  * Version 4.2.54-1
  * Consider venv-salt-minion package update as a Salt update to prevent
    backtraces on upgrading salt with itself (bsc#1211884)
  * Version 4.2.53-1
  * Fix "more then one method candidate found" for API function (bsc#1211100)
  * Fixed a bug that caused the tab Autoinstallation to hide when clicking on
    Power Management Management/Operations on SSM -> Provisioning
  * Update copyright year (bsc#1212106)
  * Disable jinja processing for the roster file (bsc#1211650)
  * Version 4.2.52-1
  * Update jetty-util to version 9.4.51
  * Version 4.2.51-1
  * Update version of Tomcat build dependencies

spacewalk-reports:

  * Version 4.2.8-1
  * Drop Python2 compatibility (bsc#1212589)

spacewalk-setup:

  * Version 4.2.13-1
  * Drop usage of salt.ext.six in embedded_diskspace_check

spacewalk-utils:

  * Version 4.2.20-1
  * Drop Python2 compatibility

spacewalk-web:

  * Version 4.2.36-1
  * Update translation
  * Fix VHM CPU and RAM display when 0 (bsc#1175823)
  * Fix parsing error when showing notification message details (bsc#1211469)

susemanager:

  * Version 4.2.44-1
  * Require LTSS channels for SUSE Linux Enterprise 15 SP1/SP2/SP3 and SUSE
    Manager Proxy 4.2 (bsc#1214187)
  * Version 4.2.43-1
  * Add missing Salt 3006.0 dependencies to bootstrap repo definitions
    (bsc#1212700)
  * Make mgr-salt-ssh to properly fix HOME environment to avoid issues with
    gitfs (bsc#1210994)

susemanager-doc-indexes:

  * Typo correction for Cobbler buildiso command in Client Configuration Guide
  * Replaced plain text with dedicated attribute for AutoYaST
  * Added a note about Oracle Unbreakable Linux Network mirroring requirements
    in Client Configuration Guide (bsc#1212032)
  * Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5 as supported
    clients in the Client Configuration Guide
  * Fixed missing tables of content in the Reference Guide (bsc#1208577)
  * Fixed instruction for Single sign-on implementation example in the
    Administration Guide (bsc#1210103)
  * Removed reference to non-exitent files in Reference Guide (bsc#1208528)

susemanager-docs_en:

  * Typo correction for Cobbler buildiso command in Client Configuration Guide
  * Replaced plain text with dedicated attribute for AutoYaST
  * Added a note about Oracle Unbreakable Linux Network mirroring requirements
    in Client Configuration Guide (bsc#1212032)
  * Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5 as supported
    clients in the Client Configuration Guide
  * Fixed missing tables of content in the Reference Guide (bsc#1208577)
  * Fixed instruction for Single sign-on implementation example in the
    Administration Guide (bsc#1210103)
  * Removed reference to non-exitent files in Reference Guide (bsc#1208528)

susemanager-schema:

  * Version 4.2.29-1
  * Add schema directory for susemanager-schema-4.2.29

susemanager-sls:

  * Version 4.2.35-1
  * Do not disable salt-minion on salt-ssh managed clients
  * Use venv-salt-minion instead of salt for docker states (bsc#1212416)

How to apply this update:

  1. Log in as root user to the SUSE Manager Server.
  2. Stop the Spacewalk service: `spacewalk-service stop`
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the Spacewalk service: `spacewalk-service start`

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Manager Proxy 4.2 Module 4.2  
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-3474=1

  * SUSE Manager Server 4.2 Module 4.2  
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-3474=1

## Package List:

  * SUSE Manager Proxy 4.2 Module 4.2 (noarch)
    * spacewalk-backend-4.2.29-150300.4.44.5
    * spacewalk-base-minimal-config-4.2.36-150300.3.47.5
    * spacecmd-4.2.24-150300.4.42.3
    * spacewalk-base-minimal-4.2.36-150300.3.47.5
  * SUSE Manager Server 4.2 Module 4.2 (ppc64le s390x x86_64)
    * inter-server-sync-debuginfo-0.3.0-150300.8.36.1
    * susemanager-4.2.44-150300.3.59.1
    * hub-xmlrpc-api-0.7-150300.3.14.2
    * inter-server-sync-0.3.0-150300.8.36.1
    * susemanager-tools-4.2.44-150300.3.59.1
  * SUSE Manager Server 4.2 Module 4.2 (noarch)
    * spacewalk-java-lib-4.2.55-150300.3.73.2
    * spacewalk-backend-package-push-server-4.2.29-150300.4.44.5
    * spacewalk-backend-xml-export-libs-4.2.29-150300.4.44.5
    * spacewalk-base-minimal-4.2.36-150300.3.47.5
    * spacewalk-utils-extras-4.2.20-150300.3.27.3
    * spacewalk-setup-4.2.13-150300.3.21.3
    * spacewalk-backend-iss-4.2.29-150300.4.44.5
    * spacewalk-backend-xmlrpc-4.2.29-150300.4.44.5
    * spacewalk-html-4.2.36-150300.3.47.5
    * spacewalk-java-4.2.55-150300.3.73.2
    * susemanager-doc-indexes-4.2-150300.12.48.5
    * spacewalk-utils-4.2.20-150300.3.27.3
    * spacewalk-backend-4.2.29-150300.4.44.5
    * spacewalk-base-4.2.36-150300.3.47.5
    * spacewalk-backend-tools-4.2.29-150300.4.44.5
    * spacewalk-backend-sql-postgresql-4.2.29-150300.4.44.5
    * susemanager-sls-4.2.35-150300.3.54.3
    * spacecmd-4.2.24-150300.4.42.3
    * spacewalk-java-config-4.2.55-150300.3.73.2
    * susemanager-schema-4.2.29-150300.3.41.5
    * spacewalk-backend-server-4.2.29-150300.4.44.5
    * spacewalk-base-minimal-config-4.2.36-150300.3.47.5
    * spacewalk-backend-sql-4.2.29-150300.4.44.5
    * spacewalk-backend-applet-4.2.29-150300.4.44.5
    * spacewalk-backend-config-files-4.2.29-150300.4.44.5
    * susemanager-docs_en-pdf-4.2-150300.12.48.3
    * susemanager-docs_en-4.2-150300.12.48.3
    * spacewalk-java-postgresql-4.2.55-150300.3.73.2
    * spacewalk-backend-config-files-tool-4.2.29-150300.4.44.5
    * spacewalk-backend-app-4.2.29-150300.4.44.5
    * spacewalk-reports-4.2.8-150300.3.12.3
    * spacewalk-backend-iss-export-4.2.29-150300.4.44.5
    * uyuni-config-modules-4.2.35-150300.3.54.3
    * spacewalk-taskomatic-4.2.55-150300.3.73.2
    * spacewalk-backend-config-files-common-4.2.29-150300.4.44.5

## References:

  * https://www.suse.com/security/cve/CVE-2023-29409.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1175823
  * https://bugzilla.suse.com/show_bug.cgi?id=1208528
  * https://bugzilla.suse.com/show_bug.cgi?id=1208577
  * https://bugzilla.suse.com/show_bug.cgi?id=1209156
  * https://bugzilla.suse.com/show_bug.cgi?id=1210103
  * https://bugzilla.suse.com/show_bug.cgi?id=1210994
  * https://bugzilla.suse.com/show_bug.cgi?id=1211100
  * https://bugzilla.suse.com/show_bug.cgi?id=1211469
  * https://bugzilla.suse.com/show_bug.cgi?id=1211650
  * https://bugzilla.suse.com/show_bug.cgi?id=1211884
  * https://bugzilla.suse.com/show_bug.cgi?id=1212032
  * https://bugzilla.suse.com/show_bug.cgi?id=1212106
  * https://bugzilla.suse.com/show_bug.cgi?id=1212416
  * https://bugzilla.suse.com/show_bug.cgi?id=1212507
  * https://bugzilla.suse.com/show_bug.cgi?id=1212589
  * https://bugzilla.suse.com/show_bug.cgi?id=1212700
  * https://bugzilla.suse.com/show_bug.cgi?id=1212943
  * https://bugzilla.suse.com/show_bug.cgi?id=1213880
  * https://bugzilla.suse.com/show_bug.cgi?id=1214187
  * https://bugzilla.suse.com/show_bug.cgi?id=1214333
  * https://jira.suse.com/browse/MSQA-698

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/suma-updates/attachments/20240227/fcf74ad5/attachment-0001.htm>


More information about the suma-updates mailing list